CVE-2024-49780

Summary

CVE-2024-49780 is a vulnerability affecting IBM OpenPages with Watson versions 8.3 and 9.0. This issue grants a remote attacker the ability to traverse directories on the system, allowing them to write files to arbitrary locations outside of the specified directory and potentially overwrite existing files. Attackers can exploit this vulnerability by sending a crafted HTTP request during the Import Configuration process, containing "dot dot" sequences (/../) in the file name parameter. IBM OpenPages users are advised to update their systems as soon as possible to mitigate the risk of this potentially serious vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.